<?php
// Response type for this endpoint. Note that every reply below is JSON, but
// the declared type is text/html; it is left unchanged because the front end
// may depend on it.
header("Content-Type:text/html; charset=UTF-8");

/*
 * Manual test fixture, kept commented out. Enabling it pre-fills $_POST and
 * bypasses the form, so it must never be active on a deployed copy.
$_POST["no"]="1112311";
$_POST["name"]="1";
$_POST["department"]="1";
$_POST["class"]="1";
$_POST["qq"]="1";
$_POST["tel"]="1";
*/

// Generic input sanitising (anti-injection / anti-XSS) for every request array
// the script reads. SafeFilter() rewrites each array in place; an empty array
// is skipped.
if ($_GET) {
    SafeFilter($_GET);
}
if ($_POST) {
    SafeFilter($_POST);
}
if ($_COOKIE) {
    SafeFilter($_COOKIE);
}

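/**
 * Recursively sanitise a request array in place (used on $_GET/$_POST/$_COOKIE).
 *
 * For every scalar leaf: backslash-escape quotes/NUL (unless magic quotes
 * already did so, PHP < 5.4 only), delete control characters and a fixed list
 * of script-ish substrings, strip tags and encode the rest as HTML entities.
 * Nested arrays are walked recursively; a non-array argument is left untouched.
 *
 * Caveats a maintainer should know (all follow from the code below):
 *  - the substring blacklist is applied to plain text, so ordinary words are
 *    mangled too ("description" -> "deion", "subtitle" -> "sub");
 *  - addslashes() runs even though the values are later bound to prepared
 *    statements, so stored values carry the extra backslashes;
 *  - htmlentities() is applied at input time, so the database holds entities,
 *    not the raw text.
 *
 * @param mixed $arr array to filter; modified in place (by reference)
 * @return void
 */
function SafeFilter(&$arr)
{
    // Control characters (NUL..BS, VT, FF, SO..0x19) plus the substring blacklist.
    // The character class previously contained literal commas, which deleted
    // every ',' from user input; that is fixed here. Bytes 0x1a-0x1f are still
    // not covered, matching the original range.
    $patterns = [
        '/[\x00-\x08\x0b\x0c\x0e-\x19]/',
        '/script/', '/javascript/', '/vbscript/', '/expression/', '/applet/',
        '/meta/', '/xml/', '/blink/', '/link/', '/style/', '/embed/', '/object/',
        '/frame/', '/layer/', '/title/', '/bgsound/', '/base/',
        '/onload/', '/onunload/', '/onchange/', '/onsubmit/', '/onreset/',
        '/onselect/', '/onblur/', '/onfocus/', '/onabort/', '/onkeydown/',
        '/onkeypress/', '/onkeyup/', '/onclick/', '/ondblclick/', '/onmousedown/',
        '/onmousemove/', '/onmouseout/', '/onmouseover/', '/onmouseup/',
    ];
    if (!is_array($arr)) {
        return;
    }
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in
    // PHP 8.0; the version guard short-circuits so the call never executes there
    // (the original unguarded call is a fatal "undefined function" on PHP 8).
    $alreadyEscaped = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            SafeFilter($arr[$key]);
            continue;
        }
        if (!$alreadyEscaped) {
            // Escapes ', ", \ and NUL with a backslash.
            $value = addslashes($value);
        }
        // Remove control characters and the blacklisted substrings.
        $value = preg_replace($patterns, '', $value);
        // Drop HTML/PHP tags, then entity-encode what remains.
        $arr[$key] = htmlentities(strip_tags($value));
    }
}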

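/**
 * Send the JSON envelope this endpoint always answers with, then stop.
 *
 * @param bool   $ok   whether the registration was accepted
 * @param int    $code application error code (0 on success)
 * @param string $msg  human-readable message for the front end
 * @return void (never returns; calls exit)
 */
function replyAndExit($ok, $code, $msg)
{
    // Key order (ok, code, msg) and default json_encode() flags are kept so the
    // response bytes are the same shape the front end already parses.
    echo json_encode(['ok' => $ok, 'code' => $code, 'msg' => $msg]);
    exit;
}

/**
 * Posted value for $key, or null when it is absent or not a plain string
 * (e.g. submitted as an array, which SafeFilter leaves as an array).
 *
 * @param string $key $_POST key
 * @return string|null
 */
function postedField($key)
{
    $value = $_POST[$key] ?? null;
    return is_string($value) ? $value : null;
}

/**
 * Classify the client from its User-Agent string.
 *
 * @param string $userAgent raw User-Agent header ('' when absent)
 * @return string 'QQ', '支付宝', '微信' or '其他'
 */
function clientKind($userAgent)
{
    // Order matters: the first marker found wins, as in the original chain.
    if (strpos($userAgent, 'QQ/') !== false) {
        return 'QQ';
    }
    if (strpos($userAgent, 'Alipay') !== false) {
        return '支付宝';
    }
    if (strpos($userAgent, 'MicroMessenger/') !== false) {
        return '微信';
    }
    return '其他';
}

/**
 * Count rows matched by a prepared SELECT with one string parameter.
 *
 * @param mysqli $db    open connection
 * @param string $sql   statement with exactly one '?' placeholder
 * @param string $value value bound to the placeholder
 * @return int|false row count, or false when prepare/execute failed (the
 *                   driver message is then available in $db->error)
 */
function countMatching(mysqli $db, $sql, $value)
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $value);
    $executed = $stmt->execute();
    $count = false;
    if ($executed) {
        // store_result() is required before num_rows is meaningful.
        $stmt->store_result();
        $count = $stmt->num_rows;
    }
    $stmt->close();
    return $count;
}

if (!isset($_POST["name"])) {
    // Not a form submission: bounce to the site front page.
    header("HTTP/1.1 303 See Other");
    header("Location: https://bitshe.cn");
    exit;
}

// Required fields, checked in the original order with the original codes.
// $_POST has normally already been rewritten by SafeFilter() at this point.
// An absent key used to raise an undefined-index notice; it is now simply
// treated as "not filled in".
$required = [
    'no'         => [3, '学号没有填写'],
    'name'       => [1, '姓名没有填写'],
    'department' => [4, '院系没有选择'],
    'class'      => [6, '班级没有选择'],
    'qq'         => [7, 'QQ没有填写'],
    'tel'        => [8, '电话没有填写'],
];
foreach ($required as $key => list($code, $msg)) {
    $field = postedField($key);
    if ($field === null || $field === '') {
        replyAndExit(false, $code, $msg);
    }
}

// NOTE(review): a root password in source is a standing risk; it belongs in a
// config file outside the web root. Value left unchanged here.
$db = new mysqli('localhost', 'root', '8japNWTQaTCcS7BP', 'bitshebm');
// mysqli_connect_errno() takes no arguments; the object property is the
// reliable check (on PHP 8.1+ mysqli may instead throw on a failed connect).
if ($db->connect_errno) {
    // Driver details go to the server log, not to the client.
    error_log('bitshebm: database connect failed: ' . $db->connect_error);
    replyAndExit(false, 0, '数据库连接失败');
}
// set_charset() also informs the client library, which a bare "SET NAMES"
// query does not; the server-side effect (UTF-8 tables, no mojibake) is the same.
$db->set_charset('utf8');

$studentNo = postedField('no');
$remoteIp  = $_SERVER['REMOTE_ADDR'] ?? '';

// One registration per student number.
$duplicates = countMatching(
    $db,
    "SELECT `学号`, `报名日期` FROM `bitshebm`.`社团招新-201810` WHERE `学号`=?",
    $studentNo
);
if ($duplicates === false) {
    error_log('bitshebm: duplicate check failed: ' . $db->error);
    replyAndExit(false, 0, '服务器内部错误');
}
if ($duplicates > 0) {
    replyAndExit(false, 9, '这个学号已经报名过了');
}

// Crude per-IP rate limit: at most 10 registrations from one address.
$fromSameIp = countMatching(
    $db,
    "SELECT `学号`, `UAIP` FROM `bitshebm`.`社团招新-201810` WHERE `UAIP`=?",
    $remoteIp
);
if ($fromSameIp === false) {
    error_log('bitshebm: ip check failed: ' . $db->error);
    replyAndExit(false, 0, '服务器内部错误');
}
if ($fromSameIp >= 10) {
    // Same code 9 as the duplicate check above (kept as-is: the front end may
    // rely on it); the two cases differ only by msg.
    replyAndExit(false, 9, '本IP地址报名数量过多');
}

$ua = clientKind($_SERVER['HTTP_USER_AGENT'] ?? '');
date_default_timezone_set('PRC');
$date = date('Y-m-d H:i:s', $_SERVER['REQUEST_TIME'] ?? time());

$stmt = $db->prepare(
    "INSERT INTO `bitshebm`.`社团招新-201810` (`Id`, `姓名`, `学号`, `院系`, `班级`, `QQ`, `电话`, `擅长`, `期待`, `报名日期`, `UAIP`, `UAFeature`) VALUES (  ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ,?)"
);
if ($stmt === false) {
    error_log('bitshebm: insert prepare failed: ' . $db->error);
    $db->close();
    replyAndExit(false, 0, '服务器内部错误');
}
// Id is bound as NULL so the database assigns it (the original bound an
// undefined variable, which had the same effect) — presumably an
// auto-increment column; confirm against the schema.
$id         = null;
$name       = postedField('name');
$department = postedField('department');
$class      = postedField('class');
$qq         = postedField('qq');
$tel        = postedField('tel');
// Optional fields: NULL when not submitted, as before.
$skill      = postedField('skill');
$expect     = postedField('expect');
$stmt->bind_param(
    'isssssssssss',
    $id, $name, $studentNo, $department, $class, $qq, $tel,
    $skill, $expect, $date, $remoteIp, $ua
);
$inserted = $stmt->execute();
if (!$inserted) {
    // Previously the script reported success regardless of the INSERT result.
    error_log('bitshebm: insert failed: ' . $stmt->error);
}
$stmt->close();
$db->close();
if (!$inserted) {
    replyAndExit(false, 0, '报名失败');
}
replyAndExit(true, 0, '报名成功');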
?>
